GHSA-FQVV-JVHR-G5JC

Vulnerability from github – Published: 2026-05-05 18:21 – Updated: 2026-05-13 14:18
VLAI?
Summary
FireFighter has unauthenticated SSRF in its Raid jira_bot endpoint that allows IAM credential theft
Details

Impact

The POST /api/v2/firefighter/raid/jira_bot endpoint (CreateJiraBotView) is reachable without authentication (permission_classes = [permissions.AllowAny]). Its attachments payload is fetched server-side via httpx.get() with no URL validation, then uploaded as an attachment on the Jira ticket that gets created.

An unauthenticated caller able to reach the ingress can coerce the pod into fetching arbitrary URLs — including the cloud metadata endpoint at http://169.254.169.254/ — and exfiltrate the response as a Jira attachment.

On EC2/EKS deployments that do not enforce IMDSv2, this allows theft of the temporary AWS credentials attached to the pod's IAM role. The docstring on the view claims a Bearer token is required, but the code does not enforce it.

Affected code paths: - src/firefighter/raid/views/__init__.pyCreateJiraBotView - src/firefighter/raid/serializers.pyLandbotIssueRequestSerializer.attachments - src/firefighter/raid/client.pyRaidJiraClient.add_attachments_to_issue

### Patches Fixed in firefighter-incident 0.0.54: - CreateJiraBotView now enforces BearerTokenAuthentication + IsAuthenticated. - attachments URLs are validated: http(s) scheme only, max 10 URLs, rejection of any host resolving to a private, loopback, link-local, reserved, multicast or unspecified IP (IPv4 and IPv6). - Fixes an unrelated KeyError('attachments') surfaced during regression testing.

Users should upgrade to 0.0.54 or later.

### Workarounds Until upgrade is possible, any one of the following blocks end-to-end exploitation: - Restrict ingress access to /api/v2/firefighter/raid/jira_bot to trusted networks only (VPN, internal load balancer). - Rotate or revoke the Jira API token configured as RAID_JIRA_API_PASSWORD; this breaks jira.create_issue() before the vulnerable attachment fetch is reached (legitimate traffic is also blocked — emergency mitigation only). - Enforce IMDSv2 with HttpPutResponseHopLimit=1 on EC2/EKS nodes. This does not fix the SSRF itself but neutralises the IAM-credential-theft path.

### Resources - CWE-918: Server-Side Request Forgery - CWE-306: Missing Authentication for Critical Function

Severity ?
9.9 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "firefighter-incident"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.54"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42864"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306",
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-05T18:21:17Z",
    "nvd_published_at": "2026-05-11T19:16:24Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n  The `POST /api/v2/firefighter/raid/jira_bot` endpoint (`CreateJiraBotView`) is\n  reachable without authentication (`permission_classes = [permissions.AllowAny]`).\n  Its `attachments` payload is fetched server-side via `httpx.get()` with no URL\n  validation, then uploaded as an attachment on the Jira ticket that gets created.\n\n  An unauthenticated caller able to reach the ingress can coerce the pod into\n  fetching arbitrary URLs \u2014 including the cloud metadata endpoint at\n  `http://169.254.169.254/` \u2014 and exfiltrate the response as a Jira attachment.\n\n  On EC2/EKS deployments that do not enforce IMDSv2, this allows theft of the\n  temporary AWS credentials attached to the pod\u0027s IAM role. The docstring on the\n  view claims a Bearer token is required, but the code does not enforce it.\n\n  Affected code paths:\n  - `src/firefighter/raid/views/__init__.py` \u2014 `CreateJiraBotView`\n  - `src/firefighter/raid/serializers.py` \u2014 `LandbotIssueRequestSerializer.attachments`\n  - `src/firefighter/raid/client.py` \u2014 `RaidJiraClient.add_attachments_to_issue`\n\n  ### Patches\n  Fixed in `firefighter-incident` `0.0.54`:\n  - `CreateJiraBotView` now enforces `BearerTokenAuthentication` + `IsAuthenticated`.\n  - `attachments` URLs are validated: http(s) scheme only, max 10 URLs, rejection\n    of any host resolving to a private, loopback, link-local, reserved, multicast\n    or unspecified IP (IPv4 and IPv6).\n  - Fixes an unrelated `KeyError(\u0027attachments\u0027)` surfaced during regression testing.\n\n  Users should upgrade to `0.0.54` or later.\n\n  ### Workarounds\n  Until upgrade is possible, any one of the following blocks end-to-end exploitation:\n  - Restrict ingress access to `/api/v2/firefighter/raid/jira_bot` to trusted\n    networks only (VPN, internal load balancer).\n  - Rotate or revoke the Jira API token configured as `RAID_JIRA_API_PASSWORD`;\n    this breaks `jira.create_issue()` before the vulnerable attachment fetch is\n    reached (legitimate traffic is also blocked \u2014 emergency mitigation only).\n  - Enforce IMDSv2 with `HttpPutResponseHopLimit=1` on EC2/EKS nodes. This does\n    not fix the SSRF itself but neutralises the IAM-credential-theft path.\n\n  ### Resources\n  - CWE-918: Server-Side Request Forgery\n  - CWE-306: Missing Authentication for Critical Function",
  "id": "GHSA-fqvv-jvhr-g5jc",
  "modified": "2026-05-13T14:18:22Z",
  "published": "2026-05-05T18:21:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ManoManoTech/firefighter-incident/security/advisories/GHSA-fqvv-jvhr-g5jc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42864"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ManoManoTech/firefighter-incident/commit/2586679e6f32c12d223668b73e98f4c4de7b771f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ManoManoTech/firefighter-incident"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "FireFighter has unauthenticated SSRF in its Raid jira_bot endpoint that allows IAM credential theft"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.